Data Safety Form
1. Data Collection and Sharing
| Question | Answer |
|---|---|
| Does your app collect or share any of the required user data types? | Yes, it collects data (see details below). |
| Is any collected data shared with third parties? | No. Data is stored in Firebase services controlled by Tefteri and is not shared with external third parties for their independent use. |
| Is all transmitted data encrypted in transit? | Yes. Communication with Firebase uses HTTPS/TLS. |
| Do you provide a way for users to request data deletion? | Yes. Users can delete entries and accounts in-app, or request deletion through the Account Deletion page. |
2. Data Types
2.1 Personal Information
- Email address
- Collected: Yes (Google Sign-In)
- Shared: No
- Purpose: Account creation, authentication, security notifications.
- Data handling: User may request deletion; retained while account active.
2.2 Health and Fitness
- Health-related notes, visit history, and reminder details
- Collected: Yes (user-generated)
- Shared: No
- Purpose: Core functionality — tracking medical visits and reminders.
- Data handling: Users control entries and may delete or request full account deletion.
2.3 App Activity
- Sync metadata (created/updated timestamps for entries)
- Collected: Yes
- Shared: No
- Purpose: Sync reliability and data integrity.
- Data handling: Stored locally and, for signed-in sync users, in Firestore; removed upon account deletion where applicable.
2.4 Device or Other IDs
- Firebase or device identifiers processed by service SDKs
- Collected: May be processed automatically by Firebase or platform SDKs for authentication, security, and service reliability.
- Shared: No
- Purpose: Maintain authentication, security, and service reliability. Tefteri uses local device notifications and does not collect an Expo push token.
- Data handling: Managed by the relevant service provider and deleted or disassociated where feasible when the account is deleted.
2.5 Optional / Not Collected
Location data, financial info, contact lists, photos & videos, microphone/voice data, calendar events (outside the app) — Not collected.
3. Data Usage Purposes
- App functionality: Email, health notes, app activity, device IDs.
- Analytics: Not currently collected.
- Advertising: Not used.
- Developer communications: Email for responding to support requests.
- Fraud prevention, security: Device IDs, app activity used to protect accounts.
- Account management: Email and user-generated data.
4. User Data Handling
| Handling Requirement | Approach |
|---|---|
| User-initiated deletion | Users can edit or delete visits/reminders in-app. Full account deletion is available in-app and through the public Account Deletion page. |
| Automatic deletion schedule | Account deletion requests are completed within 30 days unless retention is legally required. Backup copies may remain temporarily under Firebase/Google backup retention processes before automatic purge. |
| Data retention justification | Data retained while account active to provide notebook functionality. |
5. Additional Declarations
- The app may request notification permissions for reminders. No SMS, contacts, or phone permissions are requested.
- No background location access or physical activity sensors are used.
- No data is sold.
- Update the Data Safety answers if you integrate new SDKs (analytics, ads, crash reporting beyond Firebase) or begin sharing data externally.
6. Support Contact
Privacy inquiries and deletion requests: privacy@pavlossta.com